Hacker News new | past | comments | ask | show | jobs | submit login

Alas, in Australia one of the more popular frameworks in gov agencies is Essential Eight, and they are a few years away from publishing an update with this radical idea.



My understanding is that Essential Eight doesn't require password rotation


If so then I'll be doubly frustrated - I've been assured by our domain experts that this is a requirement of the model.

Did it used to be and was since retracted? I suppose it may be a local or state-based 'implementation augmentation'.

I've trawled just now through the signals directorate site and can find plenty of references to passwords, but nothing specifically covering this.


It may have been as password rotation was a requirement thrown around, but to my knowledge it's not come up in assessments for a long time.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: